Privacy Statement (GDPR)
If you contact me, this indicates that you have read and understood the information detailed in the Privacy Statement Notice supplied. I process your personal data in line with GDPR legislation (General Data Protection Regulation) May 2018 (EU).
Any information collected by me when you enquire or use my services will only be used in accordance with this privacy statement. I will never share your information with a third party for marketing purposes.
For me to fulfil my role as a psychological therapist, I take anonymised notes in each session and store these notes in your file. My notes allow me to reflect, process the information and adhere to our treatment plan throughout the duration of your therapy journey. I only use your data in ways you would reasonably expect.
How do I collect information about you?
When you enquire about my services via email and I reply to you via email, I cannot guarantee that your email or my reply is 100% secure. It is important that you understand that no data transmission over the Internet can be guaranteed to be 100% secure. I send a booking form for you to complete. If you wish to send me any documents via email and have any concerns about confidentiality and the data contained within your documents, I am happy to arrange an alternative method.
Over the phone
If you choose to contact me over the phone, I will collect information from you as a prerequisite for inviting you for an assessment. If you engage in therapy services, I will send you a booking form to complete asking you for personal details including your name, mobile number, and email.
Face to face/Online (Zoom)
When you attend for therapy sessions (CBT/EMDR), I collect and record data from you to get to know you, understand you, and help you overcome your difficulties. This information is stored in paper format and on an encrypted laptop. The therapy diagrams and information we develop in session together I will give you a copy of or you may have the only copy of diagrams.
What type of information is collected? And what it is used for
I will collect the following personal information from you, either at the pre-assessment stage (on the phone/via email/via my website/online platforms), or face to face:
✓Date of birth (Bupa clients only)
✓Insurance Details (if you are paying through your health insurance policy)
✓Detailed history of your early experiences (Essential for EMDR therapy)
✓Physical and mental health history (including history of alcohol consumption, drug use and any medication previously prescribed)
✓Current physical and mental health symptoms including suicide risk, alcohol and drug use, and any medication you are currently taking
✓Offences and alleged offences
✓Questionnaire scores (questionnaires that assess the severity of your symptoms)
I collect the above personal and sensitive data from you to ensure that the service I provide to you is adequate, and for monitoring and evaluation purposes. I process personal information to enable myself to provide cognitive-behavioural therapy/emdr therapy. All the information I collect is for legitimate purposes.
Who your information may be shared with?
There may be occasions when I need to share the personal information I process about you with third parties, specifically, your insurance company or other health professionals involved in your care (see below). When I do so, I comply with all aspects of the Data Protection Act 1998 (DPA).
Your insurance company
If you are claiming the cost of your sessions through your insurance company, your insurance company may request details of your treatment and progress from me in order to authorize further funding for your treatment. Under these circumstances, I will share the minimum amount of information necessary with your insurance company.
There are three situations where I would share your information with third parties, without your consent:
•Court Order: If I am required to disclose data about you under a Court Order
•Child Protection: If I am concerned about the welfare of a child, i.e., where there are child protection issues
•Risk to self or others: Where there is an imminent risk of harm to yourself or others, i.e., you have expressed an intent to kill yourself, or to kill someone else, imminently.
As per the BABCP Standards of Conduct, Performance and Ethics, I must take appropriate action to protect the rights of children and vulnerable adults if I believe they are at risk, including following national and local policies.
Retention period-how long do I store your data?
The retention period is 7 years, with 2 main criteria for determining this retention period.
Criteria 1: According to the Limitation Act 1980, you, as my client, have six years within which to bring against me a complaint of breach of contract, breach of trust or a claim in relation to negligence. It is therefore in both our interests that I store your data for this period.
Criteria 2: The second criteria that I use in deciding how long to store your data is the likelihood of you returning to me for further therapy at some point in the future. In my experience if a client returns to me for further therapy in future, they normally do so within seven years. Once you are discharged from my service, your file is stored securely in a locked, secure storage facility off site for seven years, after which your file is shredded.
Security of information shared over the internet.
I process your personal data in line with GDPR legislation (EU) 2016/679 and take all appropriate measures to keep it secure. I make every effort to ensure that your personal information is held securely and to safeguard against unauthorised access to your personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure and this is transmitted at your own risk.
Right of Access
You may request details of personal information which we hold about you under the Data Protection Act 1998 and in line with GDPR legislation (EU) 2016/679. Depending on the volume of information requested and the administrative costs involved in providing you with this information, there may be a charge for this information. You will be informed of the costs at the time the request is made. Requests for information must be put in writing. If you would like to request access to the information held on you, please email me.
Requests that are considered excessive or unreasonable may be refused. In the event your request to obtain details of information held about you is refused, you will be provided with an explanation as to why that is.
Right to rectification
If you believe that any information, I am holding on you is incorrect or incomplete, please email me with details and I will promptly correct any information found to be incorrect.
Right to lodge a formal complaint with a supervisory authority
If you believe that your rights under the GDPR regulation have been infringed, or that the processing of personal data relating to you does not comply with this Regulation, you can inform the ICO (Information Commissioner’s Office) or by phoning their helpline on 0303 123 1113.